피드 구독

In the last several weeks, many of you have likely heard about the new security threat that involves the ability to exploit common features of modern CPUs. These attacks, known as “Meltdown” and “Spectre” can impact both bare metal and virtual servers. Red Hat Virtualization has added the “IBRS Family” of CPUs to the supported Cluster CPU type as a means to help protect against the IPRS and IBPM attacks that would result in guest attacks.

NOTE: The first step towards protecting your Red Hat Virtualization environment is to update all components to the latest version. RHV and/or RHEL hosts should be updated, Red Hat Virtualization Manager should be updated, and all guests should be updated.

The feature outlined below is available starting in Red Hat Virtualization 4.1.9 with the use of Intel Nehalem and newer CPUs, when the appropriate microcode is applied to the host(s). After updating the environment and then the Red Hat Virtualization Cluster CPU type to use a IBRS CPU Type (Spectre Variant 2 protection), all VMs in that cluster need to be stopped & started.

In the screenshots below we see the information displayed for a VM, with the guest CPU highlighted. The Intel Broadwell (IBRS) family is indicated,

VM information

In this next screenshot, the hypervisor host kernel sysfs settings are highlighted, specifically regarding PTI (Meltdown), IBPB and IBRS (Spectre):

Host (hypervisor) kernel sysfs settings

In this last screenshot, the host CPU type is highlighted - an IBRS family model capable of protecting guests using this type against in-guest attacks:

Host CPU type

For more information on Meltdown and Spectre, please see this tutorial. For additional information on how to update Red Hat Virtualization to protect against Meltdown and Spectre, please see this knowledge base article.

Hope this helps,

Captain KVM


저자 소개

UI_Icon-Red_Hat-Close-A-Black-RGB

채널별 검색

automation icon

오토메이션

기술, 팀, 인프라를 위한 IT 자동화 최신 동향

AI icon

인공지능

고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트

open hybrid cloud icon

오픈 하이브리드 클라우드

하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요

security icon

보안

환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보

edge icon

엣지 컴퓨팅

엣지에서의 운영을 단순화하는 플랫폼 업데이트

Infrastructure icon

인프라

세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보

application development icon

애플리케이션

복잡한 애플리케이션에 대한 솔루션 더 보기

Original series icon

오리지널 쇼

엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리